[go: up one dir, main page]

US20090235326A1 - SYSTEM AND METHOD FOR UPDATING USER IDENTIFIERS (IDs) - Google Patents

SYSTEM AND METHOD FOR UPDATING USER IDENTIFIERS (IDs) Download PDF

Info

Publication number
US20090235326A1
US20090235326A1 US11/720,775 US72077505A US2009235326A1 US 20090235326 A1 US20090235326 A1 US 20090235326A1 US 72077505 A US72077505 A US 72077505A US 2009235326 A1 US2009235326 A1 US 2009235326A1
Authority
US
United States
Prior art keywords
user
update
policy
unauthorized access
updating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US11/720,775
Other versions
US8522305B2 (en
Inventor
Yeong-Sub Cho
Sang-Rae Cho
Dae-Seon Choi
Jong-Hyouk Noh
Tae-Sung Kim
Seung-Hyun Kim
Seung-Hun Jin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electronics and Telecommunications Research Institute ETRI
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority claimed from PCT/KR2005/003550 external-priority patent/WO2006062289A1/en
Assigned to ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE reassignment ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHOI, DAE-SEON, CHO, SANG-RAE, CHO, YEONG-SUB, JIN, SEUNG-HUN, KIM, SEUNG-HYUN, KIM, TAE-SUNG, NOH, JONG-HYOUK
Publication of US20090235326A1 publication Critical patent/US20090235326A1/en
Application granted granted Critical
Publication of US8522305B2 publication Critical patent/US8522305B2/en
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the present invention relates to a system and method for updating user identifiers (IDs), and more particularly, to a method and system for dynamically creating and updating user identifiers (IDs) shared between systems according to system security environments.
  • a user gets memberships of various service provider servers and thus receives services provided from the service provider servers. If a user requests a subscription to a service provider server, the service provider server requests the user to register an identifier (ID) and a password, validates a user authorization using the ID and password registered by the user and then provides services to the user.
  • ID identifier
  • Many users have so many user IDs and passwords that they cannot correctly remember all their IDs and passwords. Accordingly, many systems provide a function for integrating and managing user's IDs and passwords.
  • Korean Patent Application No. 10-2000-0030890 entitled “The Method for Managing ID and Password”, discloses a function for preventing a user from forgetting his/her IDs and passwords by enabling the user to integrate and manage his/her IDs and passwords registered on various service provider servers.
  • the user in the Korean Patent Application No. 10-2000-0030890, the user must obtain an authentication from each service provider server whenever he/she accesses one of the service provider servers to use services thereof, which causes inconvenience when the user has registered on many service provider servers.
  • a “Passport” system created by Microsoft Corporation is an example of an SSO on the Internet.
  • a single service provider server manages user IDs, and other service provider servers are federated with the server provider server managing the user IDs.
  • user IDs and passwords are centrally managed by a service provider server of Microsoft Corporation, users are concerned about privacy protection.
  • the Liberty Alliance Group has defined a so-called “Federated Name Identifier” method, in which service provider severs, each managing user IDs and passwords, are federated with each other through an agreement and provide an SSO to users.
  • the method assigns randomly created user IDs to the users without using the users' actual IDs and manages the encoded user IDs. That is, when a user accesses a service provider server SP in order to use services of the service provider server SP after he/she obtains an authentication through his/her ID from an ID service provider server IDSP, the ID service provider server IDSP transmits a pre-stored user ID for the service provider server SP to the service provider server SP.
  • the service provider server SP confirms through the user ID transmitted from the ID service provider server IDSP a fact that the user obtains an authentication, thereby requiring no further authentication for the user.
  • the user ID transmitted to the service provider server SP is a randomly encoded user ID.
  • the Liberty Alliance Group defines a method for creating user IDs, but has no definition regarding when or under which circumstances user IDs should be updated. If system or user ID information is hacked, the user ID must be instantly updated. Also, in circumstances where unauthorized access attempts on a system are frequent, associated user IDs must be frequently updated in order to ensure security.
  • the present invention provides a method for dynamically creating and updating user identifiers (IDs) shared between systems, considering system or user security environments, such as unauthorized access of systems, unauthorized access of user ID information, etc.
  • IDs user identifiers
  • a user identifier (ID) update system comprising: a security environment collecting unit collecting unauthorized access attempt information for a user ID; an ID policy creating unit creating a user ID update policy for an encoded user ID obtained by encoding the user ID, according to the unauthorized access attempt information received from the security environment collecting unit; an ID policy storage unit storing the user ID update policy; and an ID update unit loading the user ID update policy from the ID policy storage unit, creating a new user ID according to the user ID update policy, and changing the user ID to the new user ID.
  • ID user identifier
  • a user identifier (ID) updating method comprising: (a) collecting unauthorized access attempt information for a user ID; (b) creating a user ID update policy for an encoded user ID obtained by encoding the user ID, according to the unauthorized access attempt information collected in operation (a); (c) storing the user ID update policy created in operation (b); (d) loading the user ID update policy stored in operation (c) and determining whether or not to update the user ID; and (e) creating a new user ID if it is determined in operation (d) that the user ID should be updated, and changing the user ID to the new user ID.
  • a user identifier (ID) updating method comprising: (a) receiving a user ID update policy created by a service provider server which is federated with a user ID update system through the user ID; (b) storing the user ID update policy received in operation (a); (c) loading the user ID update policy stored in operation (b) and determining whether or not to update the user ID; and (d) creating a new user ID if it is determined in operation (c) that the user ID should be updated, and changing the user ID to the new user ID.
  • FIG. 1 is a block diagram of a user identifier (ID) update system according to an embodiment of the present invention
  • FIG. 2 is a view for explaining examples of user IDs shared between the user ID update system illustrated in FIG. 1 and service provider servers;
  • FIG. 3 is a view illustrating an example of a user ID updating policy illustrated in FIG. 1 ;
  • FIG. 4 is a flowchart illustrating a user ID updating method according to an embodiment of the present invention.
  • FIG. 6 is a flowchart illustrating a user ID updating method according to another embodiment of the preset invention.
  • FIG. 1 is a block diagram of a user identifier (ID) update system 100 according to an embodiment of the present invention.
  • the user ID update system 100 includes a security environment collecting unit 110 , an ID policy creating unit 120 , an ID policy storage unit 130 , an ID policy transmitting unit 140 , an ID policy receiving unit 150 , an ID update unit 160 , an ID transmitting unit 170 , and an ID receiving unit 180 .
  • the ID update unit 160 includes an ID creating part 162 and an ID storage part 164 .
  • the security environment collecting unit 110 collects unauthorized access attempt information on the user ID update system 100 and user IDs.
  • the user IDs are randomly encoded user IDs.
  • the ID policy creating unit 120 creates a user ID update policy according to the unauthorized access attempt information received from the policy environment collecting unit 110 .
  • the user ID update policy will be described in detail later with reference to FIG. 3 .
  • the ID policy storage unit 130 stores the user ID update policy created by the ID policy creating unit 120 .
  • the ID policy transmitting unit 140 provides the user ID update policy created by the ID policy creating unit 120 to a service provider server which is federated with the user ID update system 100 through the user ID.
  • the service provider server which is federated with the user ID update system 100 through the user ID updates the user ID under a predetermined condition, according to the user ID update policy created by the ID policy creating unit 120 .
  • each service provider server which is federated with the user ID update system 100 through the user ID, stores all user IDs which are shared by the user ID update system 100 and the service provider server.
  • the user ID update system 100 transmits the user ID shared by the service provider server to the service provider server. Accordingly, the user can use the services of the service provider server without any further authentication.
  • the ID policy receiving unit 150 receives the user ID update policy created by the service provider server which is federated with the user ID update system 100 through the user ID, and stores the received user ID update policy in the ID policy storage unit 130 .
  • the ID update unit 160 loads the user ID update policy stored in the ID policy storage unit 130 , creates and stores a new user ID according to the user ID update policy, and changes the pre-stored user ID to the new user ID.
  • the ID update unit 160 includes the ID creating part 162 and the ID storage part 164 as described above.
  • the ID creating part 162 loads the user ID update policy from the ID policy storage unit 130 and creates the new user ID according to the user ID update policy.
  • the ID storage part 164 stores the new user ID created by the ID creating part 162 , and changes the pre-stored user ID to the new user ID.
  • the ID transmitting unit 170 transmits the new user ID to the service provider server which is federated with the user ID update system 100 through the user ID.
  • the user ID update system 100 and the service provider server federated with the user ID update system 100 through the user ID respectively store user IDs which are shared by them. If the user ID update system 100 creates and updates a new user ID, it transmits the new user ID to the service provider server, so that the service provider server also updates the corresponding user ID.
  • the ID receiving unit 180 receives a new user ID created by the service provider server federated with the user ID update system 100 through the user ID, and transmits the new user ID to the ID update unit 160 .
  • the ID update unit 160 stores the new user ID in the ID storage part 164 and changes the pre-stored user ID to the new user ID.
  • FIG. 2 is a view for explaining examples of user IDs shared between a user ID update system 200 and service provider servers;
  • the user ID update system 200 uses “Joe123” as a user ID for the user “Joe”, a first service provider server 220 uses “JoeS” as a user ID for the user “Joe”, and a second service provider server 240 uses “JSch” as a user ID for the user “Joe”.
  • the user ID update system 200 uses “mr3tTJ3401mN2ED” as a user ID for the user “Joe” and the user ID “mr3tTJ3401mN2ED” is stored in the user ID update system 200 and the first service provider server 220 .
  • the first service provider server 220 uses “dTvliRcMIpCqV6xX” as a user ID for the user “Joe” and the user ID “dTvliRcMIpCqV6xX” is stored in the user ID update system 200 and the first service provider server 220 .
  • the user IDs shared between the user ID update system 200 and the first service provider server 220 must be randomly created and periodically updated in order to prevent the user IDs from being revealed.
  • the user ID update system 200 uses “xyrVds+xg0/pzSgx” as a user ID for the user “Joe” and the user ID “xyrVds+xg0/pzSgx” is stored in the user ID update system 200 and the second service provider server 240 .
  • the second service provider server 240 uses “pfk9uzUN9JcWmk4RF” as a user ID for the user “Joe” and the user ID “pfk9uzUN9JcWmk4RF” is stored in the user ID update system 200 and the second service provider server 240 .
  • the user IDs shared between the user ID update system 200 and the second service provider server 240 must be randomly created and periodically updated in order to prevent the user IDs from being revealed.
  • FIG. 3 is a view illustrating an example of the user ID update policy illustrated in FIG. 1 .
  • the user ID update policy may be one of an update_Now policy, an update_Short policy, an update_Long policy, and an update_Normal policy.
  • the update_Now policy is applied to immediately update the user ID when the user ID update system 200 or the user ID is accessed without authorization.
  • the update-policy is set to immediately update the user ID.
  • the update_Short policy is applied to update the user ID as promptly as possible when unauthorized access attempts on the user ID update system 200 or user ID information are frequent.
  • a determination on whether or not unauthorized access attempts are frequent depends as to the number of unauthorized access attempts occurring during a predetermined period (that is, it is determined that unauthorized access attempts are frequent when the number of unauthorized access attempts exceeds a predetermined number).
  • the update_Short policy is set to update the user ID after 10 days have elapsed.
  • the update_Long policy is applied to update the user ID more frequently than in a normal status when unauthorized access attempts on the user ID update system 200 or user ID information occasionally occur.
  • whether or not unauthorized access attempts are defined as happening occasionally depends on the number of unauthorized access attempts occurring during a predetermined period (that is, it is determined that unauthorized access attempts occasionally occur when the number of unauthorized access attempts is less than a predetermined number).
  • the update_Long policy is set to update the user ID after 30 days have elapsed.
  • the update_Normal policy is applied to normally update the user ID when there is no unauthorized access attempt on the user ID update system 200 and user ID information.
  • the update_Normal policy is set to update the user ID after 60 days have elapsed.
  • FIG. 3 illustrates an example where the update_Now policy is set to immediately update the user ID, the update_Short policy is set to update the user ID after 10 days have elapsed, the update_Long policy is set to update the user ID after 30 days have elapsed, and the update_Normal policy is set to update the user ID after 60 days have elapsed, but the invention is not limited to this.
  • FIG. 4 is a flowchart illustrating a user ID updating method according to an embodiment of the present invention.
  • unauthorized access attempt information on a user ID update system or user ID information is collected (operation S 400 ).
  • a user ID update policy for an encoded user ID obtained by encoding a user ID is created according to the unauthorized access attempt information collected in operation S 400 (operation S 410 ).
  • the user ID update policy may be one of: an update_Now policy for immediately updating a user ID; an update_Short policy for updating a user ID after 10 days have elapsed; an update_Long policy for updating a user ID after 30 days have elapsed; and an update_Normal policy for updating a user ID after 60 days have elapsed.
  • the user ID updating policies created according to the unauthorized access attempt information will be described in detail later with reference to FIG. 5 .
  • the user ID is an encoded user ID obtained by randomly encoding a user ID.
  • the user ID update policy stored in operation S 420 is loaded and it is determined whether or not the user ID should be updated (operation S 430 ).
  • a decision on whether or not the user ID should be updated depends on whether or not a predetermined period defined in the user ID update policy has elapsed.
  • operation S 430 If it is determined in operation S 430 that the user ID does not need to be updated, the process proceeds to operation S 440 so as to determine whether or not the predetermined time has elapsed. If it is determined in operation S 440 that he predetermined time has not elapsed, operation S 440 is repeated. If it is determined that the predetermined time has elapsed, the process returns to operation S 430 .
  • operation S 430 determines whether the user ID should be updated. If it is determined in operation S 430 that the user ID should be updated, the method proceeds to operation S 450 .
  • operation S 450 a new user ID is created.
  • the new user ID is stored and the pre-stored user ID is changed to the new user ID (operation S 460 ).
  • the new user ID created in operation S 460 is transmitted to a service provider server which is federated with the user ID update system through the user ID (operation S 470 ).
  • FIG. 5 is a flowchart illustrating in detail the operation S 410 illustrated in FIG. 4 . Referring to FIG. 5 , it is determined whether an unauthorized access attempt on the user ID occurs based on the unauthorized access attempt information collected in operation S 400 (operation S 411 ).
  • operation S 411 If it is determined in operation S 411 that no unauthorized access attempt occurs, the process proceeds to operation S 417 and the update_Normal policy is created. If it is determined in operation S 411 that an unauthorized access attempt occurs, the process proceeds to operation S 412 .
  • operation S 412 it is determined whether or not unauthorized access has occurred based on the unauthorized access attempt information.
  • operation S 412 If it is determined in operation S 412 that unauthorized access has occurred, the process proceeds to operation S 414 and the update_Now policy is created. On the contrary, if it is determined in operation S 413 that no unauthorized access has occurred, the process proceeds to operation S 413 .
  • operation S 413 it is determined whether or not the number of unauthorized access attempts exceeds a predetermined number. Different update policies can be applied according to whether the number of unauthorized access attempts is more or less than a predetermined number. If it is determined in operation S 413 that the number of unauthorized access attempts exceeds the predetermined number, the process proceeds to operation S 415 and the update_Short policy is created. Meanwhile, if it is determined in operation S 413 that the number of unauthorized access attempts is less than the predetermined number, the process proceeds to operation S 416 and the update_Long policy is created.
  • the user ID update policy may be one of: the update_Now policy, the update_Short policy, the update_Long policy, and the update_Normal policy.
  • the respective user ID update policies will now be described in detail.
  • the update_Now policy is used for immediately updating the user ID when the user ID update system or the user ID is accessed without authorization.
  • the updata_Now policy immediately updates the user ID.
  • the update_Short policy is used for updating the user ID as promptly as possible when unauthorized access attempts on the user ID update system or the user ID are frequent. Whether or not unauthorized access attempts are defined as being frequent depends on the number of unauthorized access attempts occurring during a predetermined period (that is, it is determined that unauthorized access attempts are frequent when the number of unauthorized access attempts exceeds a predetermined number).
  • the update_Short policy updates the user ID after 10 days have elapsed.
  • the update_Long policy is applied when unauthorized access attempts on the user ID update system or user ID information occasionally occur.
  • the update_Long policy updates the user ID after 30 days have elapsed.
  • the update_Normal policy is used for updating the user ID in a normal state when there is no unauthorized access attempt on the user ID update system and the user ID.
  • the update_Normal policy updates the user ID after 60 days have elapsed.
  • FIG. 5 illustrates an example in which the update_Now policy is set to immediately update the user ID, the update_Short policy is set to update the user ID after 10 days have elapsed, the update_Long policy is set to update the user ID after 30 days have elapsed, and the update_Normal policy is set to update the user ID after 60 days have elapsed, but the invention is not limited to this.
  • FIG. 6 is a flowchart illustrating a user ID updating method according to another embodiment of the present invention.
  • a service provider server which is federated with a user ID update system through a user ID receives a user ID update policy (operation S 600 ).
  • the user ID update policy may be one of: an update_Now policy for immediately updating a user ID; an update_Short policy for updating a user ID after 10 days have elapsed; an update_Long policy for updating a user ID after 30 days have elapsed; and an update_Normal policy for updating a user ID after 60 days have elapsed.
  • the user ID is an encoded user ID obtained by randomly encoding a user ID.
  • the user ID update policy stored in operation S 610 is loaded and it is determined whether or not the user ID should be updated (operation S 620 ). Whether or not the user ID should be updated depends on whether or not a predetermined period defined in the user ID update policy has elapsed.
  • operation S 620 If it is determined in operation S 620 that the user ID does not need to be updated, the process proceeds to operation S 630 and it is determined whether or not the predetermined time has elapsed. If it is determined in operation S 630 that the predetermined time has not elapsed, operation S 630 is repeated. If it is determined that the predetermined time has elapsed, the process reverts to operation S 620 .
  • operation S 620 determines whether the user ID should be updated. If it is determined in operation S 620 that the user ID should be updated, the process proceeds to operation S 640 .
  • operation S 640 a new user ID is created.
  • the new user ID is stored and the pre-stored user ID is changed to the new user ID (operation S 650 ).
  • the new user ID created in operation S 650 is transmitted to a service provider server which is federated with the user ID update system through the user ID (operation S 660 ).
  • the present invention can also be embodied as computer readable code on a computer readable recording medium.
  • the computer readable recording medium is any data storage device that can store data which can be thereafter read by a computer system. Examples of the computer readable recording medium include read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, floppy disks, optical data storage devices, and carrier waves.
  • ROM read-only memory
  • RAM random-access memory
  • CD-ROMs compact discs, digital versatile discs, digital versatile discs, and Blu-rays, and Blu-rays, and Blu-rays, and Blu-rays, etc.
  • the computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Provided are a system and method for updating a user identifier (ID). The user ID updating method includes: (a) collecting unauthorized access attempt information for a user ID; (b) creating a user ID update policy for an encoded user ID obtained by encoding the user ID, according to the unauthorized access attempt information collected in operation (a); (c) storing the user ID update policy created in operation (b); (d) loading the user ID update policy stored in operation (c) and determining whether or not to update the user ID; and (e) creating a new user ID if it is determined in operation (d) that the user ID should be updated, and changing the user ID to the new user ID. Therefore, it is possible to ensure security for user IDs, by dynamically creating and updating user IDs according to security environments.

Description

    CROSS-REFERENCE TO RELATED PATENT APPLICATIONS
  • This application claims the benefit of Korean Patent Applications Nos. 10-2004-0102390, filed on Dec. 7, 2004, and 10-2005-0051085, filed on Jun. 14, 2005, in the Korean Intellectual Property Office, the disclosures of which are incorporated herein in their entireties by reference.
    • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to a system and method for updating user identifiers (IDs), and more particularly, to a method and system for dynamically creating and updating user identifiers (IDs) shared between systems according to system security environments.
  • 2. Description of the Related Art
  • Along with development and expansion of the Internet, electronic commerce is rapidly becoming a common feature of ever life. A user gets memberships of various service provider servers and thus receives services provided from the service provider servers. If a user requests a subscription to a service provider server, the service provider server requests the user to register an identifier (ID) and a password, validates a user authorization using the ID and password registered by the user and then provides services to the user. Many users have so many user IDs and passwords that they cannot correctly remember all their IDs and passwords. Accordingly, many systems provide a function for integrating and managing user's IDs and passwords.
  • Korean Patent Application No. 10-2000-0030890, entitled “The Method for Managing ID and Password”, discloses a function for preventing a user from forgetting his/her IDs and passwords by enabling the user to integrate and manage his/her IDs and passwords registered on various service provider servers. However, in the Korean Patent Application No. 10-2000-0030890, the user must obtain an authentication from each service provider server whenever he/she accesses one of the service provider servers to use services thereof, which causes inconvenience when the user has registered on many service provider servers.
  • Recently, a Single Sign-On (SSO) technique has been developed in which additional authentications are unnecessary once a user obtains an authentication from one of his/her subscribed service provider servers. A “Passport” system created by Microsoft Corporation is an example of an SSO on the Internet. In the “Passport” system, a single service provider server manages user IDs, and other service provider servers are federated with the server provider server managing the user IDs. However, since user IDs and passwords are centrally managed by a service provider server of Microsoft Corporation, users are worried about privacy protection.
  • In order to resolve this privacy protection issue, the Liberty Alliance Group has defined a so-called “Federated Name Identifier” method, in which service provider severs, each managing user IDs and passwords, are federated with each other through an agreement and provide an SSO to users. The method assigns randomly created user IDs to the users without using the users' actual IDs and manages the encoded user IDs. That is, when a user accesses a service provider server SP in order to use services of the service provider server SP after he/she obtains an authentication through his/her ID from an ID service provider server IDSP, the ID service provider server IDSP transmits a pre-stored user ID for the service provider server SP to the service provider server SP.
  • The service provider server SP confirms through the user ID transmitted from the ID service provider server IDSP a fact that the user obtains an authentication, thereby requiring no further authentication for the user. In this case, the user ID transmitted to the service provider server SP is a randomly encoded user ID.
  • The Liberty Alliance Group defines a method for creating user IDs, but has no definition regarding when or under which circumstances user IDs should be updated. If system or user ID information is hacked, the user ID must be instantly updated. Also, in circumstances where unauthorized access attempts on a system are frequent, associated user IDs must be frequently updated in order to ensure security.
    • SUMMARY OF THE INVENTION
  • The present invention provides a method for dynamically creating and updating user identifiers (IDs) shared between systems, considering system or user security environments, such as unauthorized access of systems, unauthorized access of user ID information, etc.
  • According to an aspect of the present invention, there is provided a user identifier (ID) update system comprising: a security environment collecting unit collecting unauthorized access attempt information for a user ID; an ID policy creating unit creating a user ID update policy for an encoded user ID obtained by encoding the user ID, according to the unauthorized access attempt information received from the security environment collecting unit; an ID policy storage unit storing the user ID update policy; and an ID update unit loading the user ID update policy from the ID policy storage unit, creating a new user ID according to the user ID update policy, and changing the user ID to the new user ID.
  • According to another aspect of the present invention, there is provided a user identifier (ID) updating method comprising: (a) collecting unauthorized access attempt information for a user ID; (b) creating a user ID update policy for an encoded user ID obtained by encoding the user ID, according to the unauthorized access attempt information collected in operation (a); (c) storing the user ID update policy created in operation (b); (d) loading the user ID update policy stored in operation (c) and determining whether or not to update the user ID; and (e) creating a new user ID if it is determined in operation (d) that the user ID should be updated, and changing the user ID to the new user ID.
  • According to still another aspect of the present invention, there is provided a user identifier (ID) updating method comprising: (a) receiving a user ID update policy created by a service provider server which is federated with a user ID update system through the user ID; (b) storing the user ID update policy received in operation (a); (c) loading the user ID update policy stored in operation (b) and determining whether or not to update the user ID; and (d) creating a new user ID if it is determined in operation (c) that the user ID should be updated, and changing the user ID to the new user ID.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The above and other features and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings in which:
  • FIG. 1 is a block diagram of a user identifier (ID) update system according to an embodiment of the present invention;
  • FIG. 2 is a view for explaining examples of user IDs shared between the user ID update system illustrated in FIG. 1 and service provider servers;
  • FIG. 3 is a view illustrating an example of a user ID updating policy illustrated in FIG. 1;
  • FIG. 4 is a flowchart illustrating a user ID updating method according to an embodiment of the present invention;
  • FIG. 5 is a flowchart illustrating in detail an operation S410 illustrated in FIG. 4; and
  • FIG. 6 is a flowchart illustrating a user ID updating method according to another embodiment of the preset invention.
    •  DETAILED DESCRIPTION OF THE INVENTION
  • The present invention will now be described more fully with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown.
  • FIG. 1 is a block diagram of a user identifier (ID) update system 100 according to an embodiment of the present invention. Referring to FIG. 1, the user ID update system 100 includes a security environment collecting unit 110, an ID policy creating unit 120, an ID policy storage unit 130, an ID policy transmitting unit 140, an ID policy receiving unit 150, an ID update unit 160, an ID transmitting unit 170, and an ID receiving unit 180. Here, the ID update unit 160 includes an ID creating part 162 and an ID storage part 164.
  • The security environment collecting unit 110 collects unauthorized access attempt information on the user ID update system 100 and user IDs. In this case, the user IDs are randomly encoded user IDs. The ID policy creating unit 120 creates a user ID update policy according to the unauthorized access attempt information received from the policy environment collecting unit 110. The user ID update policy will be described in detail later with reference to FIG. 3.
  • The ID policy storage unit 130 stores the user ID update policy created by the ID policy creating unit 120.
  • The ID policy transmitting unit 140 provides the user ID update policy created by the ID policy creating unit 120 to a service provider server which is federated with the user ID update system 100 through the user ID.
  • Thereafter, the service provider server which is federated with the user ID update system 100 through the user ID updates the user ID under a predetermined condition, according to the user ID update policy created by the ID policy creating unit 120. Here, each service provider server, which is federated with the user ID update system 100 through the user ID, stores all user IDs which are shared by the user ID update system 100 and the service provider server. Thus, when a user which has acquired an authentication from the user ID update system 100 through his/her ID and password accesses the service provider server in order to use services of the service provider server, the user ID update system 100 transmits the user ID shared by the service provider server to the service provider server. Accordingly, the user can use the services of the service provider server without any further authentication.
  • The ID policy receiving unit 150 receives the user ID update policy created by the service provider server which is federated with the user ID update system 100 through the user ID, and stores the received user ID update policy in the ID policy storage unit 130.
  • The ID update unit 160 loads the user ID update policy stored in the ID policy storage unit 130, creates and stores a new user ID according to the user ID update policy, and changes the pre-stored user ID to the new user ID.
  • The ID update unit 160 includes the ID creating part 162 and the ID storage part 164 as described above. The ID creating part 162 loads the user ID update policy from the ID policy storage unit 130 and creates the new user ID according to the user ID update policy. The ID storage part 164 stores the new user ID created by the ID creating part 162, and changes the pre-stored user ID to the new user ID.
  • The ID transmitting unit 170 transmits the new user ID to the service provider server which is federated with the user ID update system 100 through the user ID.
  • As described above, the user ID update system 100 and the service provider server federated with the user ID update system 100 through the user ID, respectively store user IDs which are shared by them. If the user ID update system 100 creates and updates a new user ID, it transmits the new user ID to the service provider server, so that the service provider server also updates the corresponding user ID.
  • The ID receiving unit 180 receives a new user ID created by the service provider server federated with the user ID update system 100 through the user ID, and transmits the new user ID to the ID update unit 160. The ID update unit 160 stores the new user ID in the ID storage part 164 and changes the pre-stored user ID to the new user ID.
  • FIG. 2 is a view for explaining examples of user IDs shared between a user ID update system 200 and service provider servers;
  • Referring to FIG. 2, a method in which the user ID update system 200 and the service provider servers are federated with each other and provide Single Sign-On (SSO) for a user “Joe”, will be explained below.
  • As illustrated in FIG. 2, the user ID update system 200 uses “Joe123” as a user ID for the user “Joe”, a first service provider server 220 uses “JoeS” as a user ID for the user “Joe”, and a second service provider server 240 uses “JSch” as a user ID for the user “Joe”.
  • If the user ID update system 200 is federated with the first service provider server 220, the user ID update system 200 uses “mr3tTJ3401mN2ED” as a user ID for the user “Joe” and the user ID “mr3tTJ3401mN2ED” is stored in the user ID update system 200 and the first service provider server 220. Also, the first service provider server 220 uses “dTvliRcMIpCqV6xX” as a user ID for the user “Joe” and the user ID “dTvliRcMIpCqV6xX” is stored in the user ID update system 200 and the first service provider server 220.
  • As described above, the user IDs shared between the user ID update system 200 and the first service provider server 220 must be randomly created and periodically updated in order to prevent the user IDs from being revealed.
  • If the user ID update system 200 is federated with the second service provider server 240, the user ID update system 200 uses “xyrVds+xg0/pzSgx” as a user ID for the user “Joe” and the user ID “xyrVds+xg0/pzSgx” is stored in the user ID update system 200 and the second service provider server 240. Also, the second service provider server 240 uses “pfk9uzUN9JcWmk4RF” as a user ID for the user “Joe” and the user ID “pfk9uzUN9JcWmk4RF” is stored in the user ID update system 200 and the second service provider server 240.
  • As described above, the user IDs shared between the user ID update system 200 and the second service provider server 240 must be randomly created and periodically updated in order to prevent the user IDs from being revealed.
  • FIG. 3 is a view illustrating an example of the user ID update policy illustrated in FIG. 1. Referring to FIG. 3, the user ID update policy may be one of an update_Now policy, an update_Short policy, an update_Long policy, and an update_Normal policy. The update_Now policy is applied to immediately update the user ID when the user ID update system 200 or the user ID is accessed without authorization. In FIG. 3, the update-policy is set to immediately update the user ID. The update_Short policy is applied to update the user ID as promptly as possible when unauthorized access attempts on the user ID update system 200 or user ID information are frequent. A determination on whether or not unauthorized access attempts are frequent depends as to the number of unauthorized access attempts occurring during a predetermined period (that is, it is determined that unauthorized access attempts are frequent when the number of unauthorized access attempts exceeds a predetermined number). In FIG. 3, the update_Short policy is set to update the user ID after 10 days have elapsed.
  • The update_Long policy is applied to update the user ID more frequently than in a normal status when unauthorized access attempts on the user ID update system 200 or user ID information occasionally occur. Here, whether or not unauthorized access attempts are defined as happening occasionally depends on the number of unauthorized access attempts occurring during a predetermined period (that is, it is determined that unauthorized access attempts occasionally occur when the number of unauthorized access attempts is less than a predetermined number). In FIG. 3, the update_Long policy is set to update the user ID after 30 days have elapsed.
  • The update_Normal policy is applied to normally update the user ID when there is no unauthorized access attempt on the user ID update system 200 and user ID information. In FIG. 3, the update_Normal policy is set to update the user ID after 60 days have elapsed.
  • FIG. 3 illustrates an example where the update_Now policy is set to immediately update the user ID, the update_Short policy is set to update the user ID after 10 days have elapsed, the update_Long policy is set to update the user ID after 30 days have elapsed, and the update_Normal policy is set to update the user ID after 60 days have elapsed, but the invention is not limited to this.
  • FIG. 4 is a flowchart illustrating a user ID updating method according to an embodiment of the present invention.
  • Referring to FIG. 4, firstly, unauthorized access attempt information on a user ID update system or user ID information is collected (operation S400).
  • Then, a user ID update policy for an encoded user ID obtained by encoding a user ID is created according to the unauthorized access attempt information collected in operation S400 (operation S410). In more detail, the user ID update policy may be one of: an update_Now policy for immediately updating a user ID; an update_Short policy for updating a user ID after 10 days have elapsed; an update_Long policy for updating a user ID after 30 days have elapsed; and an update_Normal policy for updating a user ID after 60 days have elapsed. The user ID updating policies created according to the unauthorized access attempt information will be described in detail later with reference to FIG. 5. Here, the user ID is an encoded user ID obtained by randomly encoding a user ID.
  • Then, the user ID update policy created in operation S410 is stored (operation S420).
  • Next, the user ID update policy stored in operation S420 is loaded and it is determined whether or not the user ID should be updated (operation S430). A decision on whether or not the user ID should be updated depends on whether or not a predetermined period defined in the user ID update policy has elapsed.
  • If it is determined in operation S430 that the user ID does not need to be updated, the process proceeds to operation S440 so as to determine whether or not the predetermined time has elapsed. If it is determined in operation S440 that he predetermined time has not elapsed, operation S440 is repeated. If it is determined that the predetermined time has elapsed, the process returns to operation S430.
  • Meanwhile, if it is determined in operation S430 that the user ID should be updated, the method proceeds to operation S450. In operation S450, a new user ID is created.
  • Then, the new user ID is stored and the pre-stored user ID is changed to the new user ID (operation S460).
  • Successively, the new user ID created in operation S460 is transmitted to a service provider server which is federated with the user ID update system through the user ID (operation S470).
  • FIG. 5 is a flowchart illustrating in detail the operation S410 illustrated in FIG. 4. Referring to FIG. 5, it is determined whether an unauthorized access attempt on the user ID occurs based on the unauthorized access attempt information collected in operation S400 (operation S411).
  • If it is determined in operation S411 that no unauthorized access attempt occurs, the process proceeds to operation S417 and the update_Normal policy is created. If it is determined in operation S411 that an unauthorized access attempt occurs, the process proceeds to operation S412.
  • In operation S412, it is determined whether or not unauthorized access has occurred based on the unauthorized access attempt information.
  • If it is determined in operation S412 that unauthorized access has occurred, the process proceeds to operation S414 and the update_Now policy is created. On the contrary, if it is determined in operation S413 that no unauthorized access has occurred, the process proceeds to operation S413.
  • In operation S413, it is determined whether or not the number of unauthorized access attempts exceeds a predetermined number. Different update policies can be applied according to whether the number of unauthorized access attempts is more or less than a predetermined number. If it is determined in operation S413 that the number of unauthorized access attempts exceeds the predetermined number, the process proceeds to operation S415 and the update_Short policy is created. Meanwhile, if it is determined in operation S413 that the number of unauthorized access attempts is less than the predetermined number, the process proceeds to operation S416 and the update_Long policy is created.
  • As described above, the user ID update policy may be one of: the update_Now policy, the update_Short policy, the update_Long policy, and the update_Normal policy. The respective user ID update policies will now be described in detail.
  • The update_Now policy is used for immediately updating the user ID when the user ID update system or the user ID is accessed without authorization. In FIG. 5, the updata_Now policy immediately updates the user ID. The update_Short policy is used for updating the user ID as promptly as possible when unauthorized access attempts on the user ID update system or the user ID are frequent. Whether or not unauthorized access attempts are defined as being frequent depends on the number of unauthorized access attempts occurring during a predetermined period (that is, it is determined that unauthorized access attempts are frequent when the number of unauthorized access attempts exceeds a predetermined number). In FIG. 5, the update_Short policy updates the user ID after 10 days have elapsed. The update_Long policy is applied when unauthorized access attempts on the user ID update system or user ID information occasionally occur. Whether or not unauthorized access attempts are defined as happening occasionally depends on the number of unauthorized access attempts occurring during a predetermined period (that is, it is determined that unauthorized access attempts occasionally occur when the number of unauthorized access attempts is less than the predetermined number). In FIG. 5, the update_Long policy updates the user ID after 30 days have elapsed. The update_Normal policy is used for updating the user ID in a normal state when there is no unauthorized access attempt on the user ID update system and the user ID. In FIG. 5, the update_Normal policy updates the user ID after 60 days have elapsed.
  • FIG. 5 illustrates an example in which the update_Now policy is set to immediately update the user ID, the update_Short policy is set to update the user ID after 10 days have elapsed, the update_Long policy is set to update the user ID after 30 days have elapsed, and the update_Normal policy is set to update the user ID after 60 days have elapsed, but the invention is not limited to this.
  • FIG. 6 is a flowchart illustrating a user ID updating method according to another embodiment of the present invention. Referring to FIG. 6, firstly, a service provider server which is federated with a user ID update system through a user ID receives a user ID update policy (operation S600). In more detail, the user ID update policy may be one of: an update_Now policy for immediately updating a user ID; an update_Short policy for updating a user ID after 10 days have elapsed; an update_Long policy for updating a user ID after 30 days have elapsed; and an update_Normal policy for updating a user ID after 60 days have elapsed. Here, the user ID is an encoded user ID obtained by randomly encoding a user ID.
  • Then, the user ID update policy created in operation S600 is stored (operation S610).
  • Successively, the user ID update policy stored in operation S610 is loaded and it is determined whether or not the user ID should be updated (operation S620). Whether or not the user ID should be updated depends on whether or not a predetermined period defined in the user ID update policy has elapsed.
  • If it is determined in operation S620 that the user ID does not need to be updated, the process proceeds to operation S630 and it is determined whether or not the predetermined time has elapsed. If it is determined in operation S630 that the predetermined time has not elapsed, operation S630 is repeated. If it is determined that the predetermined time has elapsed, the process reverts to operation S620.
  • Meanwhile, if it is determined in operation S620 that the user ID should be updated, the process proceeds to operation S640. In operation S640, a new user ID is created.
  • Then, the new user ID is stored and the pre-stored user ID is changed to the new user ID (operation S650).
  • Next, the new user ID created in operation S650 is transmitted to a service provider server which is federated with the user ID update system through the user ID (operation S660).
  • The present invention can also be embodied as computer readable code on a computer readable recording medium. The computer readable recording medium is any data storage device that can store data which can be thereafter read by a computer system. Examples of the computer readable recording medium include read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, floppy disks, optical data storage devices, and carrier waves. The computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
  • As described above, according to the present invention, it is possible to ensure security between systems and provide reliability for user IDs, by dynamically creating and updating user IDs which are shared between systems, considering security environments, such as unauthorized access of systems, unauthorized access of user ID information, etc.
  • While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the following claims.

Claims (16)

1. A user identifier (ID) update system comprising:
a security environment collecting unit collecting unauthorized access attempt information for a user ID;
an ID policy creating unit creating a user ID update policy for an encoded user ID obtained by encoding the user ID, according to the unauthorized access attempt information received from the security environment collecting unit;
an ID policy storage unit storing the user ID update policy; and
an ID update unit loading the user ID update policy from the ID policy storage unit, creating a new user ID according to the user ID update policy, and changing the user ID to the new user ID.
2. The system of claim 1, further comprising:
an ID policy transmitting unit transmitting the user ID update policy to a service provider server which is federated with the user ID update system through the user ID.
3. The system of claim 1, further comprising:
an ID policy receiving unit receiving a user ID update policy created by a service provider server which is federated with the user ID update system, and storing the received user ID update policy in the ID policy storage unit.
4. The system of claim 1, wherein the ID update unit includes:
an ID creating part loading a user ID update policy from the ID policy storage unit and creating a new user ID according to the user ID update policy; and
an ID storage part storing the new user ID created by the ID creating part and changing the user ID to the new user ID.
5. The system of claim 4, further comprising:
an ID receiving unit receiving the new user ID created by the federated service provider server and storing the new user ID in the ID storage part.
6. The system of claim 1, further comprising:
an ID transmitting unit transmitting the new user ID created by the ID update unit to a service provider server which is federated with the user ID update system.
7. The system of claim 1, wherein the user ID update policy is one of:
an update_Now policy for immediately updating the user ID when the unauthorized access attempt information indicates that the user ID has been accessed without authorization;
an update_Short policy for updating the user ID after a first period has elapsed when the unauthorized access attempt information indicates that a number of unauthorized access attempts on the user ID exceeds a predetermined number;
an update_Long policy for updating the user ID after a second period longer than the first period has elapsed when the unauthorized access attempt information indicates that the number of unauthorized access attempts on the user ID is less than the predetermined number; and
an update_Normal policy for updating the user ID after a third period longer than the second period has elapsed when the unauthorized access attempt information indicates that there has been no unauthorized access attempt on the user ID.
8. A user identifier (ID) updating method comprising:
(a) collecting unauthorized access attempt information for a user ID;
(b) creating a user ID update policy for an encoded user ID obtained by encoding the user ID, according to the unauthorized access attempt information collected in operation (a);
(c) storing the user ID update policy created in operation (b);
(d) loading the user ID update policy stored in operation (c) and determining whether or not to update the user ID; and
(e) creating a new user ID if it is determined in operation (d) that the user ID should be updated, and changing the user ID to the new user ID.
9. The method of claim 8, further comprising:
transmitting the user ID update policy created in operation (b) to a service provider server which is federated with the user ID update system through the user ID.
10. The method of claim 8, further comprising:
transmitting the new user ID created in operation (e) to a service provider server which is federated with the user ID update system through the user ID.
11. The method of claim 8, wherein the user ID update policy is one of:
an update_Now policy for immediately updating the user ID when the unauthorized access attempt information indicates that the user ID is hacked;
an update_Short policy for updating the user ID after a first period has elapsed when the unauthorized access attempt information indicates that a number of unauthorized access attempts on the user ID occur exceeds a predetermined number;
an update_Long policy for updating the user ID after a second period longer than the first period has elapsed when the unauthorized access attempt information indicates that the number of unauthorized access attempts on the user ID is less than the predetermined number; and
an update_Normal policy for updating the user ID after a third period longer than the second period has elapsed when the unauthorized access attempt information indicates that there has been no unauthorized access attempt on the user ID.
12. The method of claim 11, wherein, in operation (d), determining whether or not to update the user ID depends on whether or not a predetermined period corresponding to the user ID update policy has elapsed.
13. A user identifier (ID) updating method comprising:
(a) receiving a user ID update policy created by a service provider server which is federated with a user ID update system through the user ID;
(b) storing the user ID update policy received in operation (a);
(c) loading the user ID update policy stored in operation (b) and determining whether or not to update the user ID; and
(d) creating a new user ID if it is determined in operation (c) that the user ID should be updated, and changing the user ID to the new user ID.
14. The method of claim 13, further comprising:
transmitting the new user ID created in operation (d) to the service provider server.
15. The method of claim 13, wherein, in operation (a), the policy ID update policy is one of:
an update_Now policy for immediately updating the user ID when unauthorized access attempt information indicates that the user ID has been accessed without authorization;
an update_Short policy for updating the user ID after a first period has elapsed when the unauthorized access attempt information indicates that a number of unauthorized access attempts on the user ID exceeds a predetermined number;
an update_Long policy for updating the user ID after a second period longer than the first period has elapsed when the unauthorized access attempt information indicates that the number of unauthorized access attempts on the user ID is less than the predetermined number; and
a update_Normal policy for updating the user ID after a third period longer than the second period has elapsed when the unauthorized access attempt information indicates that there has been no unauthorized access attempt on the user ID.
16. The method of claim 15, wherein, in operation (c), determining on whether or not to update the user ID depends on whether or not a predetermined period corresponding to the user ID update policy has elapsed.
US11/720,775 2004-12-07 2005-10-25 System and method for updating user identifiers (IDs) Expired - Fee Related US8522305B2 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
KR10-2004-0102390 2004-12-07
KR20040102390 2004-12-07
KR1020050051085A KR100639993B1 (en) 2004-12-07 2005-06-14 Method and system for updating of user identifier
KR10-2005-0051085 2005-06-14
PCT/KR2005/003550 WO2006062289A1 (en) 2004-12-07 2005-10-25 System and method for updating user identifiers (ids)

Publications (2)

Publication Number Publication Date
US20090235326A1 true US20090235326A1 (en) 2009-09-17
US8522305B2 US8522305B2 (en) 2013-08-27

Family

ID=37159576

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/720,775 Expired - Fee Related US8522305B2 (en) 2004-12-07 2005-10-25 System and method for updating user identifiers (IDs)

Country Status (2)

Country Link
US (1) US8522305B2 (en)
KR (1) KR100639993B1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012103744A (en) * 2010-11-05 2012-05-31 Jr East Mechatronics Co Ltd Information processor, id data management method and program
US20120174205A1 (en) * 2010-12-31 2012-07-05 International Business Machines Corporation User profile and usage pattern based user identification prediction
US20120254949A1 (en) * 2011-03-31 2012-10-04 Nokia Corporation Method and apparatus for generating unique identifier values for applications and services
US20140282954A1 (en) * 2012-05-31 2014-09-18 Rakuten, Inc. Identification information management system, method for controlling identification information management system, information processing device, program, and information storage medium
JP2015108903A (en) * 2013-12-03 2015-06-11 日本電信電話株式会社 Distributed information cooperation system and data operation method therefor and program
US9246882B2 (en) 2011-08-30 2016-01-26 Nokia Technologies Oy Method and apparatus for providing a structured and partially regenerable identifier
US10986090B1 (en) * 2019-05-20 2021-04-20 Rapid7, Inc. Security orchestration and automation using biometric data
US11694546B2 (en) * 2020-03-31 2023-07-04 Uber Technologies, Inc. Systems and methods for automatically assigning vehicle identifiers for vehicles

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9760390B2 (en) * 2013-07-16 2017-09-12 Empire Technology Development Llc Processor identification for virtual machines
US10021108B2 (en) * 2014-10-16 2018-07-10 Ca, Inc. Anomaly detection for access control events
KR102175317B1 (en) * 2020-07-02 2020-11-06 굿모닝아이텍(주) Virtual Desktop Infrastructure
KR102179185B1 (en) * 2020-07-02 2020-11-17 굿모닝아이텍(주) Server Management system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078386A1 (en) * 2000-12-18 2002-06-20 Bones Robert Delee Incorporating password change policy into a single sign-on environment
US20040003294A1 (en) * 2002-06-27 2004-01-01 International Business Machines Corporation Method and apparatus for monitoring a network data processing system
US20040117216A1 (en) * 2002-12-12 2004-06-17 International Business Machines Corporation System and method for accessibility insurance coverage management
US20050114673A1 (en) * 2003-11-25 2005-05-26 Amit Raikar Method and system for establishing a consistent password policy
US20060053296A1 (en) * 2002-05-24 2006-03-09 Axel Busboom Method for authenticating a user to a service of a service provider
US20070006286A1 (en) * 2005-07-02 2007-01-04 Singhal Tara C System and method for security in global computer transactions that enable reverse-authentication of a server by a client
US8205239B1 (en) * 2007-09-29 2012-06-19 Symantec Corporation Methods and systems for adaptively setting network security policies

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0236456A (en) 1988-07-26 1990-02-06 Mitsubishi Electric Corp Hacker preventing device and its key word preparing method
GB9712459D0 (en) 1997-06-14 1997-08-20 Int Computers Ltd Secure database system
JPH11102337A (en) 1997-09-29 1999-04-13 Hitachi Ltd Data distribution route management device
JP2000339271A (en) 1999-05-28 2000-12-08 Nec Corp Password integration management system
KR20010110013A (en) 2000-06-05 2001-12-12 송제훈 The method for managing ID and password
KR20020028297A (en) 2000-10-09 2002-04-17 김장우 System for integrated ID management

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078386A1 (en) * 2000-12-18 2002-06-20 Bones Robert Delee Incorporating password change policy into a single sign-on environment
US20060053296A1 (en) * 2002-05-24 2006-03-09 Axel Busboom Method for authenticating a user to a service of a service provider
US20040003294A1 (en) * 2002-06-27 2004-01-01 International Business Machines Corporation Method and apparatus for monitoring a network data processing system
US20040117216A1 (en) * 2002-12-12 2004-06-17 International Business Machines Corporation System and method for accessibility insurance coverage management
US20050114673A1 (en) * 2003-11-25 2005-05-26 Amit Raikar Method and system for establishing a consistent password policy
US20070006286A1 (en) * 2005-07-02 2007-01-04 Singhal Tara C System and method for security in global computer transactions that enable reverse-authentication of a server by a client
US8205239B1 (en) * 2007-09-29 2012-06-19 Symantec Corporation Methods and systems for adaptively setting network security policies

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012103744A (en) * 2010-11-05 2012-05-31 Jr East Mechatronics Co Ltd Information processor, id data management method and program
US20120174205A1 (en) * 2010-12-31 2012-07-05 International Business Machines Corporation User profile and usage pattern based user identification prediction
US20120216277A1 (en) * 2010-12-31 2012-08-23 International Business Machines Corporation User profile and usage pattern based user identification prediction
US20120254949A1 (en) * 2011-03-31 2012-10-04 Nokia Corporation Method and apparatus for generating unique identifier values for applications and services
US9246882B2 (en) 2011-08-30 2016-01-26 Nokia Technologies Oy Method and apparatus for providing a structured and partially regenerable identifier
US20140282954A1 (en) * 2012-05-31 2014-09-18 Rakuten, Inc. Identification information management system, method for controlling identification information management system, information processing device, program, and information storage medium
EP2759960A4 (en) * 2012-05-31 2016-08-10 Rakuten Inc IDENTIFICATION INFORMATION MANAGEMENT SYSTEM, IDENTIFICATION INFORMATION MANAGEMENT SYSTEM CONTROL METHOD, INFORMATION PROCESSING DEVICE, PROGRAM, AND INFORMATION STORAGE MEDIUM
JP2015108903A (en) * 2013-12-03 2015-06-11 日本電信電話株式会社 Distributed information cooperation system and data operation method therefor and program
US10986090B1 (en) * 2019-05-20 2021-04-20 Rapid7, Inc. Security orchestration and automation using biometric data
US11743252B2 (en) 2019-05-20 2023-08-29 Rapid7, Inc. Security workflows to mitigate vulnerabilities in biometric devices
US11750602B2 (en) 2019-05-20 2023-09-05 Rapid7, Inc. Orchestrating security operations using bifurcated biometric data
US11694546B2 (en) * 2020-03-31 2023-07-04 Uber Technologies, Inc. Systems and methods for automatically assigning vehicle identifiers for vehicles

Also Published As

Publication number Publication date
KR100639993B1 (en) 2006-10-31
KR20060063606A (en) 2006-06-12
US8522305B2 (en) 2013-08-27

Similar Documents

Publication Publication Date Title
JP5593327B2 (en) Method and system for impersonating a user
US7200863B2 (en) System and method for serving content over a wide area network
US7496952B2 (en) Methods for authenticating a user's credentials against multiple sets of credentials
US9059988B2 (en) Printing device capable of authorizing printing limitedly according to user level, printing system using the same and printing method thereof
US6327658B1 (en) Distributed object system and service supply method therein
US9542540B2 (en) System and method for managing application program access to a protected resource residing on a mobile device
US7490347B1 (en) Hierarchical security domain model
US7865950B2 (en) System of assigning permissions to a user by password
EP0752635B1 (en) System and method to transparently integrate private key operations from a smart card with host-based encryption services
US20040192303A1 (en) Securing data of a mobile device after losing physical control of the mobile device
US8234694B2 (en) Method and apparatus for re-establishing communication between a client and a server
US8522305B2 (en) System and method for updating user identifiers (IDs)
MXPA03010778A (en) Methods and systems for authentication of a user for sub-locations of a network location.
US20080115223A1 (en) Techniques for variable security access information
JP6099384B2 (en) Information communication system, authentication apparatus, information communication system access control method, and access control program
KR101015354B1 (en) Movement of principals across security boundaries without service interruption
US7593919B2 (en) Internet Web shield
US7814330B2 (en) Method and apparatus for facilitating multi-level computer system authentication
JP2003178029A (en) Authentication managing system and method, authentication server, session managing server and program
CN117714151A (en) Access control method, system and medium for encrypted traffic
WO2006062289A1 (en) System and method for updating user identifiers (ids)
EP3107021A1 (en) Access to a user account from different consecutive locations
KR101066729B1 (en) Method and system for user authentication of sub-location of network location

Legal Events

Date Code Title Description
AS Assignment

Owner name: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTIT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHO, YEONG-SUB;CHO, SANG-RAE;CHOI, DAE-SEON;AND OTHERS;REEL/FRAME:019374/0925;SIGNING DATES FROM 20070516 TO 20070519

Owner name: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTIT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHO, YEONG-SUB;CHO, SANG-RAE;CHOI, DAE-SEON;AND OTHERS;SIGNING DATES FROM 20070516 TO 20070519;REEL/FRAME:019374/0925

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

REMI Maintenance fee reminder mailed
FPAY Fee payment

Year of fee payment: 4

SULP Surcharge for late payment
MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2552); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 8

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20250827